Mandriva Linux Security Advisory : libssh (MDVSA-2013:009)
Medium Nessus Plugin ID 64551
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability has been found and corrected in libssh :
The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a Client: Diffie-Hellman Key Exchange Init packet (CVE-2013-0176).
The updated packages have been upgraded to the 0.5.4 version which is not affected by this issue.
SolutionUpdate the affected packages.